How to Use Google Alerts to Watch for WordPress Hacks

This may not be a perfect solution, but Google Alerts can at least be helpful in watching for hacks in your WordPress sites. If you’re like many of the people I know, you probably have more than one site running WordPress. Doing a site: search in Google every day is not the most efficient way of staying on top of the sites and making sure that they have not been compromised. Some hacks are hidden from normal browsing, so you won’t find them by simply visiting your own sites every day. For example, Chris Pearson has mentioned a recent issue with pharmacy spam showing up in search results for his site but not visible to users:

Yeah, they’re good for new pages and tracking indexing too. I figure they’re not perfect, but at least they’re better than nothing at all. Maybe someone needs to build something more reliable…or maybe there already is something.

Why not just a cron job that gives you a list of new/changed files on the server? This could be especially accurate if you used S3 for your upload storage so you’re not putting anything new on your server by operation of the site other than maybe some cache files.

Yeah, it wouldn’t catch that unless you built a script to do searches for keywords across all your db’s. I just like the idea of catching it before people are coming to the site from indexed spam content.